PT-2019-4488 · Linux+5 · Linux Kernel+5

Tristan Madani

·

Published

2019-11-29

·

Updated

2020-06-18

·

CVE-2019-19768

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel version 5.4.0-rc2
Description The issue is related to a use-after-free (read) in the blk add trace function, which is used to fill out a blk io trace structure and place it in a per-cpu sub-buffer. This can potentially allow a remote attacker to cause a denial of service.
Recommendations For Linux kernel version 5.4.0-rc2, consider disabling the blk add trace function as a temporary workaround until a patch is available. Restrict access to the blktrace.c module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2019-3293
BDU:2020-00329
CESA-2020_1567
CESA-2020_1769
CVE-2019-19768
DLA-2241-1
DLA-2241-2
DLA-2242-1
DSA-4698-1
MGASA-2020-0140
MGASA-2020-0158
OPENSUSE-SU-2020:0388-1
OPENSUSE-SU-2020_0388-1
RHSA-2020:1567
RHSA-2020:1769
RHSA-2020:1966
RHSA-2020:2082
RHSA-2020:2085
RHSA-2020:2104
RHSA-2020:2199
RHSA-2020:2203
RHSA-2020:2214
RHSA-2020:2242
RHSA-2020:2277
RHSA-2020:2285
RHSA-2020:2289
RHSA-2020:2291
RHSA-2020:2519
RHSA-2020:2522
RHSA-2020_1567
RHSA-2020_1769
RHSA-2020_2082
RHSA-2020_2085
SUSE-SU-2020:0836-1
SUSE-SU-2020:1084-1
SUSE-SU-2020:1085-1
SUSE-SU-2020:1087-1
SUSE-SU-2020:1118-1
SUSE-SU-2020:1119-1
SUSE-SU-2020:1123-1
SUSE-SU-2020:1141-1
SUSE-SU-2020:1142-1
SUSE-SU-2020:1255-1
SUSE-SU-2020:1275-1
SUSE-SU-2020:14354-1
SUSE-SU-2020:1663-1
SUSE-SU-2020_0836-1
SUSE-SU-2020_1087-1
SUSE-SU-2020_1119-1
SUSE-SU-2020_1123-1
SUSE-SU-2020_1141-1
SUSE-SU-2020_1663-1
USN-4342-1
USN-4344-1
USN-4345-1
USN-4346-1

Affected Products

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu